Protecting your restaurant’s customer data

As technology advances and digital solutions proliferate, restaurants become increasingly vulnerable to data security intrusions. As an article by the National Restaurant Association mentions: It is important to remember that businesses are responsible for protecting their customers’ credit card data from cyber criminals just as they are responsible for keeping burglars out of their establishment.

How Data Theft Happens

According to an article published on, data theft most often happens in three ways:

1- Hackers snag data at the point of authorization, without ever visiting the restaurant. All POS solutions must hold card data in memory prior to sending an authorization to the processor. Criminal hackers can get administrative rights to the system through the Internet and access the POS system’s content.

2- They might also install a device that steals cardholder data upon a swipe. In some cases, the device might be a rogue look-alike; in others, the inspection seal might be broken or there may be an additional connector cable.

3- The old-fashioned way of data theft is by dishonest employees. Some estimates hold that 20% of reported data breaches occur at the exchange of the credit card from customer to employee.

 How to Prevent Data Theft

These are some of the recommendations from Nation’s Restaurant News and the National Restaurant Association for maintaining the security of your restaurant’s customer data:

– Change passwords frequently. Make sure to change passwords on the applications and devices used to accept and process credit card payments every 90 days.

– Conduct regular scans of your network. Scan your system regularly for vulnerabilities. For a relatively low annual fee, a security vendor will remotely scan all your external system access points to determine if they are vulnerable to intrusion.

– Maintain a strong firewall. Install a commercial grade hardware firewall that is actively managed and tightly controlled.

– Separate POS Traffic. Make sure to separate your POS data traffic from your Wi-Fi system, security cameras, and any other connections.

– Ensure credit card data is encrypted. If you have an older POS system that sends raw data to a back-office server, you might need to upgrade it. Modern POS systems encrypt credit card data as soon as a card is swiped and immediately send the data to the payment processor without temporarily storing data.

– Use secure remote access only when necessary. Always change firewall default settings to allow only essential access by third-party vendors or managers working remotely, and limit access to secure methods such as VPN. Also, make sure to create strong passwords instead of using default codes, and change them often.

– Limit POS use. Limit the activity on the POS and payment systems to business use alone. Do not browse the web, email, use social media, play games or perform any other non-POS-related activities on your POS system.

– Keep your POS software up to date. Apply all software and antivirus updates and patches. Systematically remove unused software, purge old information and disable unnecessary features.

– Conduct background checks on employees. It is important to address the human factor with the same level of attention as the automation factors. Conduct background checks on potential employees.

– Train your staff. Educate staff on proper handling of credit card information.


What measures does your restaurant take to prevent data theft? Tell us by leaving a comment below!
